ID

VAR-201907-0117


CVE

CVE-2019-5458


TITLE

Http-file-server cross-site scripting vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-25322 // CNNVD: CNNVD-201907-1574

DESCRIPTION

A cross-site scripting (XSS) vulnerability in http-file-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in a victim's browser. http-file-server contains a cross-site scripting vulnerability. Information may be obtained and information may be falsified. http-file-server is an HTTP file server. The vulnerability stems from the lack of proper validation of client data by the web application. An attacker could exploit the vulnerability to execute client code.

Trust: 2.16

sources: NVD: CVE-2019-5458 // JVNDB: JVNDB-2019-007123 // CNVD: CNVD-2019-25322

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-25322

AFFECTED PRODUCTS

vendor: http file server, model: http-file-server, scope: eq, version: 0.2.3

Trust: 1.0

vendor: http file server, model: http-file-server, scope: eq, version: 0.2.1

Trust: 1.0

vendor: http file server, model: http-file-server, scope: eq, version: 0.1.0

Trust: 1.0

vendor: http file server, model: http-file-server, scope: eq, version: 0.2.6

Trust: 1.0

vendor: http file server, model: http-file-server, scope: eq, version: 0.2.0

Trust: 1.0

vendor: http file server, model: http-file-server, scope: eq, version: 0.2.5

Trust: 1.0

vendor: http file server, model: http-file-server, scope: eq, version: 0.2.4

Trust: 1.0

vendor: http file server, model: http-file-server, scope: eq, version: 0.2.2

Trust: 1.0

vendor: rejetto, model: http file server, scope: -, version: -

Trust: 0.8

vendor: http file server, model: http-file-server, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2019-25322 // JVNDB: JVNDB-2019-007123 // NVD: CVE-2019-5458

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5458
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-5458
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-25322
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201907-1574
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-5458
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-25322
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5458
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2019-5458
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-25322 // JVNDB: JVNDB-2019-007123 // CNNVD: CNNVD-201907-1574 // NVD: CVE-2019-5458

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2019-007123 // NVD: CVE-2019-5458

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1574

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201907-1574

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007123

PATCH

title: Introduction, url: https://www.rejetto.com/hfs/

Trust: 0.8

sources: JVNDB: JVNDB-2019-007123

EXTERNAL IDS

db: NVD, id: CVE-2019-5458

Trust: 3.0

db: HACKERONE, id: 570563

Trust: 2.4

db: JVNDB, id: JVNDB-2019-007123

Trust: 0.8

db: CNVD, id: CNVD-2019-25322

Trust: 0.6

db: CNNVD, id: CNNVD-201907-1574

Trust: 0.6

sources: CNVD: CNVD-2019-25322 // JVNDB: JVNDB-2019-007123 // CNNVD: CNNVD-201907-1574 // NVD: CVE-2019-5458

REFERENCES

url: https://hackerone.com/reports/570563

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2019-5458

Trust: 2.0

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5458

Trust: 0.8

sources: CNVD: CNVD-2019-25322 // JVNDB: JVNDB-2019-007123 // CNNVD: CNNVD-201907-1574 // NVD: CVE-2019-5458

SOURCES

db: CNVD, id: CNVD-2019-25322
db: JVNDB, id: JVNDB-2019-007123
db: CNNVD, id: CNNVD-201907-1574
db: NVD, id: CVE-2019-5458

LAST UPDATE DATE

2024-11-23T22:16:58.083000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-25322, date: 2019-07-31T00:00:00
db: JVNDB, id: JVNDB-2019-007123, date: 2019-08-05T00:00:00
db: CNNVD, id: CNNVD-201907-1574, date: 2019-08-02T00:00:00
db: NVD, id: CVE-2019-5458, date: 2024-11-21T04:44:58.353

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-25322, date: 2019-07-31T00:00:00
db: JVNDB, id: JVNDB-2019-007123, date: 2019-08-05T00:00:00
db: CNNVD, id: CNNVD-201907-1574, date: 2019-07-30T00:00:00
db: NVD, id: CVE-2019-5458, date: 2019-07-30T21:15:12.177